What you need to know about GDPR and Identity Access Management

Get ready for GDPR!

The General Data Protection Regulation (GDPR) is due to come into force on 25th May, 2018 – so how will this affect your organization? How do you mitigate vulnerabilities and risks with the support of Identity Access Management?

You may feel overwhelmed by the requirements of this regulation, especially considering the financial ramifications of non-compliance. However, leveraging identity governance at the core of your security strategy can go a long way towards mitigating the risk of a data breach and the resulting penalties that may be incurred.

Find out who is affected by the General Data Protection Regulation and resulting obligations

Enforce the compliant use of, and restrict access to, personal data

Demonstrate the implementation of appropriate measures for ensuring compliance with the principles of GDPR

So why is Identity Access Management a ‘must have’ for enforcing GDPR compliance?

GDPR contains various references to the need for and the use of Identity & Access Management. But like many other aspects of this regulation, these links are not explicit. Probably to the regret of many ‘controllers’ and ‘processors’, who would prefer a regulation that states in plain terms ‘what needs to be done’, a fundamental demand the regulation places on ‘controllers’ is that they first think about the processing of personal data.

That means thinking about the purpose of the processing, about adequate protection, and about the processes of processing. But if a regulation is focused on describing the target scenario and the intended attitude of organizations, you shouldn’t be surprised that GDPR doesn’t specify the way to get there. This is why there are no statements like ‘to protect personal data, the use of Identity & Access Management systems is mandatory’.

Accountability as fundamental standard in GDPR

As in other legal frameworks, the demand for ‘accountability’ in this context requires certainty that the compliant use of (and with it the access to) personal data is permanently enforced. This certainty can only be achieved by the implementation of an effective Identity Management System.

Security by Design

The explicitly mentioned question of accessibility is an indisputable mandate for implementing a powerful Access Governance / Access Management system. GDPR also mentions technical and organizational measures, which supports the widely accepted understanding that any implementation of IAM is a mixed project of technical and organizational aspects. “Security by Design” is probably the most distinct call for IAM in the entire regulation.

GDPR and Identity Access Management

In fact, the entire GDPR deals with the natural conflict between the legitimate, business-driven use of personal data and the intention to restrict its volume and the access to it as much as possible. The only available answer to this conflict is given by an Identity & Access Management system.

Born in 1968, Niels von der Hude received his diploma in electronic engineering at Technische Universität Berlin in 1993. In 2000, he passed the ‘General Management Programme’ at INSEAD. After ten years of work in the telecommunication business, where he acted as a management consultant and as a corporate investment manager, he entered Beta Systems in 2003.

BETA SYSTEMS SOFTWARE AG

Beta Systems was founded in 1983, has been listed on the stock exchange since 1997 and employs around 270 staff. Company headquarters are located in Berlin, Germany.
The company, together with its 14 self-owned subsidiaries and numerous partners, has a strong domestic and international focus. More than 1,300 customers located in over 30 countries are running about 3,200 installations that help them optimize their IT processes. Beta Systems is a leading mid-sized, independent European software solution provider that generates about 40% of its total turnover abroad.